Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
There are 286 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2019-1787

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Published: April 08, 2019; 3:29:05 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-11010

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

Published: April 08, 2019; 3:29:05 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-11009

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

Published: April 08, 2019; 3:29:05 PM -0400
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2019-11008

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

Published: April 08, 2019; 3:29:05 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-11007

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

Published: April 08, 2019; 3:29:05 PM -0400
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2019-11006

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

Published: April 08, 2019; 3:29:05 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2019-11005

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.

Published: April 08, 2019; 3:29:05 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

Published: April 01, 2019; 11:29:01 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-7524

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

Published: March 28, 2019; 10:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-0160

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

Published: March 27, 2019; 4:29:03 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-12180

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

Published: March 27, 2019; 4:29:03 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5419

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Published: March 27, 2019; 10:29:01 AM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Published: March 27, 2019; 10:29:01 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-3840

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

Published: March 27, 2019; 9:29:01 AM -0400
V3.0: 6.3 MEDIUM
V2.0: 3.5 LOW
CVE-2019-3861

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Published: March 25, 2019; 3:29:01 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Published: March 25, 2019; 3:29:01 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2019-3857

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Published: March 25, 2019; 3:29:01 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Published: March 25, 2019; 3:29:01 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

Published: March 25, 2019; 3:29:01 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

Published: March 25, 2019; 3:29:01 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM